We help IT Professionals succeed at work.

Remote office Roaming Profile problems over VPN

roundst
roundst used Ask the Experts™
on
Hi,

We have 2 offices linked via an IPSEC VPN - the routers in each office negotiate this.

The head office has several PCs and a Win2000 SBS server. IP address range 192.168.16.0/255.255.255.0
The remote office has several PCs. IP adress range 192.168.19.0/255.255.255.0

All machines are in the same domain, and i can add machines in either office to the domain. Pinging etc all works ok within each office, and also to the other office.
However, when a user logs on in the remote office, the roaming profile can take up to 2 hours to copy! (and they're less than 2Mb!)

Am i missing something, or should the above work?

Is there anything i can check to see what's going on?

Thanks in advance

c
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Profiles contain the My Documents folder as well as other potentially large folders.  Just making sure you have redirected folders turned on...  Otherwise, at each logon/logoff, the My Documents folder gets copied down/up to the server containing the profiles.  With redirected folders, you can leave these large folders on the file servers and considerably reduce network traffic during logon/logoff.

Otherwise, maybe it's an incorrect MTU?  What equipment runs your site-to-site VPN?

Author

Commented:
none of the users store stuff in the My Documents folder - only in the appropriate file shares on the main server.

I created a special profile to do the timings which was 1.8Mb in size. I know our link is standard ADSL (at the mo), but we can copy 2Mb data files in a few mins. It just seems to be the logons that cause problems :(

We currently run Billion 7402R2 routers on both ends.. they have been used by me on other projects with no problems.

C
It REALLY sounds like an MTU issue on the routers.  I suggest you lower the maximum segment size to possibly 1400 and possibly even lower and set the MTU to 1452.  I am not familiar with the routers you mention so I wouldn't know how to assist for that however.

Author

Commented:
ok - thanks - will try that.

would changing the netmask to 255.255.0.0 help at all ?

c
No.  Changing the mask would resize your IP addressing to a huge subnet which would be unusable...